MEDIUM
OpenPLC Project
CVE published 2026-05-13
CVE-2026-31156
A path injection vulnerability in OpenPLC v3 (commit 2c82b0e79c53f8c1f1458eee15fec173400d6e1a) allows authenticated attackers to read arbitrary files on the system. The vulnerability exists in the glue_generator.cpp component, where user-supplied file paths passed via command-line arguments are used directly in file operations without validation. An attacker with local access can exploit this by providing [truncated]